Commit graph

18 commits

Author SHA1 Message Date
Manorit Chawdhry
c97ed47b42 mach-k3: security: improve the checks around authentication
The following checks are more reasonable as the previous logs were a bit
misleading as we could still get the logs that the authetication is
being skipped but still authenticate. Move the debug prints and checks
to proper locations.

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
2023-07-28 10:11:01 -04:00
Manorit Chawdhry
44dab78580 arch: mach-k3: security: fix the check for authentication
Fix regression occurred during refactoring for the mentioned commit.

Fixes: bd6a247593 ("arm: mach-k3: security: separate out validating binary logic")

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
2023-07-21 19:37:57 -04:00
Manorit Chawdhry
bd6a247593 arm: mach-k3: security: separate out validating binary logic
K3 GP devices allows booting the secure binaries on them by bypassing
the x509 header on them.

ATF and OPTEE firewalling required the rproc_load to be called before
authentication. This change caused the failure for GP devices that
strips off the headers. The boot vector had been set before the headers
were stripped off causing the runtime stripping to fail and stripping
becoming in-effective.

Separate out the secure binary check on GP/HS devices so that the
boot_vector could be stripped before calling rproc_load. This allows
keeping the authentication later when the cluster is on along with
allowing the stripping of the binaries in case of gp devices.

Fixes: 1e00e9be62 ("arm: mach-k3: common: re-locate authentication for atf/optee")

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
2023-05-30 15:13:44 -04:00
Andrew Davis
f392860c2e arm: mach-k3: Remove empty sys_proto.h include
This header file is now empty, remove it.

Signed-off-by: Andrew Davis <afd@ti.com>
Reviewed-by: Christian Gmeiner <christian.gmeiner@gmail.com>
2023-04-24 13:18:48 -04:00
Andrew Davis
b0931d1bd1 arm: mach-k3: security: Use dma-mapping for cache ops
This matches how this would be done in Linux and these functions
do the alignment for us which makes the code look cleaner.

Signed-off-by: Andrew Davis <afd@ti.com>
2022-10-18 13:40:40 -04:00
Andrew Davis
b661c1bc92 arm: mach-k3: security: Remove certificate if detected on GP device
If the device is a GP and we detect a signing certificate then remove it.
It would fail to authenticate otherwise as the device is GP and has no
secure authentication services in SYSFW.

This shouldn't happen often as trying to boot signed images on GP devices
doesn't make much sense, but if we run into a signed image we should at
least try to ignore the certificate and boot the image anyway. This could
help with users of GP devices who only have HS images available.

If this does happen, print a nice big warning.

Signed-off-by: Andrew Davis <afd@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
2022-08-04 15:32:20 -04:00
Andrew Davis
a0379c6fe3 arm: mach-k3: security: Bypass image signing at runtime for GP devices
We can skip the image authentication check at runtime if the device is GP.
This reduces the delta between GP and HS U-Boot builds. End goal is
to re-unify the two build types into one build that can run on all
device types.

Signed-off-by: Andrew Davis <afd@ti.com>
2022-08-04 15:32:20 -04:00
Andrew Davis
e1ef04fb3e arm: mach-k3: security: Allow signing bypass if type is HS-FS
On HS-FS devices signing boot images is optional. To ease use
we check if we are HS-FS and if no certificate is attached
to the image we skip the authentication step with a warning
that this will fail when the device is set to security enforcing.

Signed-off-by: Andrew Davis <afd@ti.com>
2022-08-04 15:32:20 -04:00
Tero Kristo
547b277cd9 arm: mach-k3: add support for detecting firmware images from FIT
Add callback routines for parsing the firmware info from FIT image, and
use the data to boot up ATF and the MCU R5 firmware.

Signed-off-by: Tero Kristo <t-kristo@ti.com>
Signed-off-by: Tero Kristo <kristo@kernel.org>
2021-06-11 16:34:52 +05:30
Lokesh Vutla
481d394e77 common: fit: Update board_fit_image_post_process() to pass fit and node_offset
board_fit_image_post_process() passes only start and size of the image,
but type of the image is not passed. So pass fit and node_offset, to
derive information about image to be processed.

Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Tero Kristo <kristo@kernel.org>
2021-06-11 16:34:52 +05:30
Simon Glass
f7ae49fc4f common: Drop log.h from common header
Move this header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-05-18 21:19:18 -04:00
Simon Glass
4d72caa5b9 common: Drop image.h from common header
Move this uncommon header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-05-18 17:33:33 -04:00
Simon Glass
90526e9fba common: Drop net.h from common header
Move this header out of the common header. Network support is used in
quite a few places but it still does not warrant blanket inclusion.

Note that this net.h header itself has quite a lot in it. It could be
split into the driver-mode support, functions, structures, checksumming,
etc.

Signed-off-by: Simon Glass <sjg@chromium.org>
2020-05-18 17:33:31 -04:00
Tom Rini
07add22cab Merge tag '2020-01-20-ti-2020.04' of https://gitlab.denx.de/u-boot/custodians/u-boot-ti
K3 J721E:
* DMA support.
* MMC and ADMA support.
* EEPROM support.
* J721e High Security EVM support.
* USB DT nodes

K3 AM654:
* Fixed boot due to pmic probe error.
* USB support and DT nodes.
* ADMA support

DRA7xx/AM57xx:
* BBAI board support
* Clean up of net platform code under board/ti

AM33/AM43/Davinci:
* Reduce SPL size for omap3 boards.
* SPL DT support for da850-lcdk
* PLL divider fix for AM335x
2020-01-20 14:54:55 -05:00
Andrew F. Davis
95b256ec3f arm: mach-k3: security: Clean image out of cache before authentication
On K3 systems U-Boot runs on both an R5 and a large ARM cores (usually
A53 or A72). The large ARMs are coherent with the DMA controllers and
the SYSFW that perform authentication. And previously the R5 core did
not enable caches. Now that R5 does enable caching we need to be sure
to clean out any of the image that may still only be in cache before we
read it using external DMA for authentication.

Although not expected to happen, it may be possible that the data was
read back into cache after the flush but before the external operation,
in this case we must invalidate our stale local cached version.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Lokesh Vutla <lokeshvutla@ti.com>
Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
2020-01-20 10:10:28 +05:30
Simon Glass
db41d65a97 common: Move hang() to the same header as panic()
At present panic() is in the vsprintf.h header file. That does not seem
like an obvious choice for hang(), even though it relates to panic(). So
let's put hang() in its own header.

Signed-off-by: Simon Glass <sjg@chromium.org>
[trini: Migrate a few more files]
Signed-off-by: Tom Rini <trini@konsulko.com>
2020-01-17 17:53:40 -05:00
Lokesh Vutla
78e512129b arm: k3: Use get_ti_sci_handle() where ever possible
Instead of calling uclass apis everywhere, use get_ti_sci_handle()
when ever ti_sci is needed.

Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
2019-09-13 11:56:30 -04:00
Andrew F. Davis
3a543a8084 arm: mach-k3: Add secure device support
K3 devices have High Security (HS) variants along with the non-HS already
supported. Like the previous generation devices (OMAP/Keystone2) K3
supports boot chain-of-trust by authenticating and optionally decrypting
images as they are unpacked from FIT images. Add support for this here.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Andreas Dannenberg <dannenberg@ti.com>
2019-04-26 17:51:51 -04:00